Browser ‘Favicons’ Can Be Used as Undeletable ‘Supercookies’ to Track You Online

Favicons are one of those things that basically every website uses but no one thinks about.
When you’ve got 100 tabs open, the little icon at the start of every browser tab provides a logo
for the window you’ve opened. Twitter uses the little blue bird, Gmail is a red mail icon, and
Wikipedia is the bold W. It’s a convenient shorthand that lets us all navigate our impossible
tab situation.

According to a researcher, though, these icons can also be a security vulnerability that could
let websites track your movement and bypass VPNs, incognito browsing status, and other
traditional methods of cloaking your movement online.
The tracking method is called a Supercookie, and it’s the work of German software designer
Jonas Strehle.

“Supercookie uses favicons to assign a unique identifier to website visitors. Unlike traditional
tracking methods, this ID can be stored almost persistently and cannot be easily cleared by
the user,” Strehle said on his Github. “The tracking method works even in the browser’s
incognito mode and is not cleared by flushing the cache, closing the browser or restarting the
system, using a VPN or installing AdBlockers.

Read complete article at source

By Matthew Gault February 9, 2021, 7:00am